Getting an error after renewing the SSL certificate. apache webserver - apache

I have replaced the certificate and private key to renew my SSL certificate on my Linux server. This is for APACHE by the way. I am positive I am using the right private key, and in the ssl.config file, I have directed the path to the correct places.
i.e. SSLCertificateFile & SSLCertificateKeyFile.
But I still get this error below:
" AH01909: RSA certificate configured for hostname:443 does NOT include an ID which matches the server name
[Wed May 20 21:17:33.432341 2020] [ssl:emerg] [pid 2607] AH02238: Unable to configure RSA server private key
[Wed May 20 21:17:33.432366 2020] [ssl:emerg] [pid 2607] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch"
What could I be missing?

@Oluwatobi Elugbadebo. It sounds like you have used the wrong hostname to generate the certificates. Not knowing your environment, I cannot comment further. However, I would recommend using Let's Encrypt / Certbot for free SSL and very minimal setup to turnkey add SSL to any apache2 hosted domain. It will handle everything related to the cert and modification of Apache files.
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
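
As an added example (not part of the original question or answer), the shell functions below check the two conditions behind the errors quoted in the question: whether the private key belongs to the certificate (AH02238, key values mismatch) and whether the certificate carries a name matching the server name (AH01909). It assumes the `openssl` command-line tool and a key file without a passphrase; `make_demo_pair` and the `.test` host name are constructed for illustration.

```sh
#!/bin/sh
# Added example: checks to run before reloading Apache with a renewed certificate.
# Assumes the openssl CLI and a key file without a passphrase.

# 0 if the private key ($2) belongs to the certificate ($1), 1 if not,
# 2 if either file cannot be parsed. Compares the public key of each.
cert_matches_key() {
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$_cert_pub" = "$_key_pub" ]
}

# 0 if the certificate ($1) has a SAN or CN that matches host name ($2).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# preflight CERT KEY SERVERNAME: report both conditions, non-zero on any failure.
preflight() {
    _rc=0
    cert_matches_key "$1" "$2" || {
        echo "FAIL: $2 is not the key for $1 (Apache: AH02238, key values mismatch)"
        _rc=1
    }
    cert_covers_host "$1" "$3" || {
        echo "WARN: $1 has no name matching $3 (Apache: AH01909)"
        _rc=1
    }
    return "$_rc"
}

# Constructed sample input: a throwaway self-signed pair DIR/NAME.key, DIR/NAME.crt
# for host name HOST (hypothetical helper, for trying the checks offline).
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage: sh preflight.sh /path/to/cert.crt /path/to/cert.key www.example.test
if [ "$#" -eq 3 ]; then
    preflight "$1" "$2" "$3"
fi
```

Run it against the files named in SSLCertificateFile and SSLCertificateKeyFile, with the vhost's ServerName as the third argument, before restarting the server.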

Related

Apache Error - but in a weird way: mydomain.com:80:0 server certificate does NOT include an ID which matches the server name

I am facing a kinda strange problem in my Apache error log. I know that this message is not critical, but what throws me off is that Apache is looking for the certificate at port 80.
Anybody got an idea?
ports.conf is at default, I tried disabling Port 80 here but it didn't change the problem.
[Thu Jul 11 18:45:20.311500 2019] [ssl:warn] [pid 457] AH01909: mydomain.com:80:0 server certificate does NOT include an ID which matches the server name

ispconfig3.1 cannot issue letsencrypt certificate

For some reason, I can no longer issue letsencrypt certificate from the console. It used to work...
The Apache error log shows:
[ssl:warn] [pid 2397] AH01906: xxx.xxx.xxx:8080:0 server certificate is a CA certificate
[ssl:error] [pid 2397] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate!
[ssl:error] [pid 2397] AH02604: Unable to configure certificate xxx.xxx.xxx
The domain name (xxx.xxx.xxx) is the server's name, not the website name I want to issue the cert to.
Port 8080 was never opened to the world.

SSL not working on ubuntu server with multiple vhosts

I run an Ubuntu (17.04) server that is hosting multiple sites. One of the sites I'm hosting now is an eCommerce site and needs an SSL certificate. I've gone through many different tutorials and I've followed every step but when I go to the site with HTTPS I'm just getting an error page.
The domain name in the screenshots below is fake.
First I bought the SSL certificate from Comodo. They requested the CSR from the server so I generated it using this command:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
I pasted the CSR and generated the CRT without issue. Now I have the CRT from Comodo and updated my vhost for a secure connection:
<VirtualHost *:443>
ServerAdmin test@test.com
ServerName www.domain.com
ServerAlias domain.com
DirectoryIndex index.php
DocumentRoot /var/www/html/domain
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www_domain_com.crt
SSLCertificateKeyFile /etc/ssl/private/domain_com.key
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I then ran:
a2enmod ssl
And finally restarted apache. Now when I go to the site I'm only seeing this error page:
Looking at the apache error log the only hint to what might be wrong is the below message:
[Thu Aug 17 16:42:42.746221 2017] [mpm_prefork:notice] [pid 19871] AH00169: caught SIGTERM, shutting down
[Thu Aug 17 16:42:42.836087 2017] [ssl:warn] [pid 22306] AH01909: 2001:4802:7801:103:be76:4eff:fe20:7c04:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 17 16:42:42.874200 2017] [ssl:warn] [pid 22316] AH01909: 2001:4802:7801:103:be76:4eff:fe20:7c04:443:0 server certificate does NOT include an ID which matches the server name
[Thu Aug 17 16:42:42.878354 2017] [mpm_prefork:notice] [pid 22316] AH00163: Apache/2.4.25 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu Aug 17 16:42:42.878374 2017] [core:notice] [pid 22316] AH00094: Command line: '/usr/sbin/apache2'
Any help would really be appreciated. This is the first time this server has had an SSL website, so maybe I am missing a step with OpenSSL or something.
Your first mistake is buying a certificate from Namecheap. I just recently had similar problems getting their crt to work. It wasn't until I decided to go with Let's Encrypt and used their certbot to generate the SSL certificate that I was able to resolve the problem. I cannot prove this, but I suspect there is a problem with Namecheap's bundling tool which builds the signed certificate.
Let's Encrypt is a completely free open source project to solve your HTTPS needs. I also have multiple virtual hosts and got up and running with Let's Encrypt in minutes.
https://letsencrypt.org/

Configuring Two Way Client Auth SSL Certificate on Apache

I am currently developing an API to communicate with an external service and they require that we use a two way auth with the certificate they sent.
I have received two files: .pem and .cer, both files have the -----BEGIN CERTIFICATE-----
I've tried several different ways to configure this on Apache 2.4, using SSLCACertificateFile, but all I get is errors saying it could not start server:
[Mon Dec 05 10:29:06.434853 2016] [ssl:emerg] [pid 6112] AH02572: Failed to configure at least one certificate and key for my-server.com:443
[Mon Dec 05 10:29:06.434872 2016] [ssl:emerg] [pid 6112] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
Would it be possible to configure this auth with just these files, or should I request the .key in order to configure everything?
Best
You can configure a two-way client auth SSL certificate by getting a third-party certificate. Apache works on OpenSSL commands, so you have to create a CSR and private key, and install the CA bundle and certificate.
Install Root certificate in Apache: https://www.alphassl.com/support/install-root/apache.html
For SSL installation in Apache: https://www.alphassl.com/support/install-ssl/apache.html
I suggest you read this article, which will help you understand more deeply: http://www.stefanocapitanio.com/configuring-two-way-authentication-ssl-with-apache/

Apache service can't be started

Weird things:
1: I compiled this LAMP environment with
./configure --enable-layout=RedHat --enable-so --enable-mods-shared=all --with-ldap --enable-ldap -enable-authnz-ldap --with-ssl=/usr/local/ssl --enable-ssl && make && make install
2: This is configured for name-based virtualhosts with SSL (not for a single virtualhost).
3: I can start the Apache service with the default website, but can't start it when I configure the virtualhost.
4: After testing too many times, I found I can start the Apache service with the default website first, then modify the http.conf file to uncomment the virtualhost config line and execute the command "apachectl -k restart"; finally the virtualhost will be up.
5: I can't find any error messages in the Apache error log. It just shows:
[notice] Digest: generating secret for digest authentication ...
[crit] (4)Interrupted system call: Digest: error generating secret: Interrupted system call Configuration Failed
[warn] RSA server certificate CommonName (CN) `*.example.com' does NOT match server name!?
[warn] RSA server certificate CommonName (CN) `*.example.com' does NOT match server name!?
[warn] RSA server certificate CommonName (CN) `*.example.com' does NOT match server name!?
[warn] Init: SSL server IP/port conflict: china.example.com:443 (/etc/httpd/conf.d/china.conf:49) vs. hk.example.com:443 (/etc/httpd/conf.d/hk.conf:45)
[warn] Init: SSL server IP/port conflict: korea.tkeexample.com:443 (/etc/httpd/conf.d/korea.conf:45) vs. hk.example.com:443 (/etc/httpd/conf.d/hk.conf:45)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
6: I know there is a config mistake, but how can I find it? Because I know there is no place to find errors from the virtualhost configuration.